[Openswan Users] Can Ping but nothing else

P ipsec at dogclan.com
Fri Sep 3 09:22:09 CEST 2004


Hi all, I'm looking for a little direction here.

I'm running 2 Fedora Core 2 Gateways with Openswan 2.1.5-1 on each. I've 
built 4 tunnels:

Network-Network
Left Subnet-Right Gateway
Left Gateway-Right Subnet
Gateway to Gateway

My setup looks something like this:


                      Gateway 1                            Gateway 2
10.0.0.0 subnet------10.0.0.1--64.x.x.x ------151.x.x.x--10.0.1.1----10.0.1.0 subnet
                     eth1      eth0           eth0       eth1


using the following /etc/ipsec.conf:

config setup
       # Debug-logging controls:  "none" for (almost) none, "all" for lots.
       # klipsdebug=all
       # plutodebug=dns
       interfaces="%defaultroute"
       klipsdebug=none
       plutodebug=none
       uniqueids=yes

conn %default
       keyingtries=1

conn leftnet-rightnet
       left=64.x.x.x
       leftsubnet=10.0.0.0/24
       leftid=64.x.x.x
       leftrsasigkey=(LEFTKEY)
       right=151.x.x.x
       rightsubnet=10.0.1.0/24
       rightid=151.x.x.x
       rightrsasigkey=(RIGHTKEY)
       rightnexthop=151.x.x.1
       auto=start

conn leftgate-rightgate
       left=64.x.x.x
       leftnexthop=64.x.x.1
       leftrsasigkey=(LEFTKEY)
       right=151.x.x.x
       rightnexthop=151.x.x.1
       rightrsasigkey=(RIGHTKEY)

conn leftgate-rightnet
       leftid=64.x.x.x
       left=64.x.x.x
       leftrsasigkey=(LEFTKEY)
       leftnexthop=64.x.x.1
       rightid=151.x.x.x
       right=151.x.x.x
       rightsubnet=10.0.1.0/24
       rightrsasigkey=(RIGHTKEY)
       rightnexthop=151.x.x.1
       auto=start

conn leftnet-rightgate
       leftid=64.x.x.x
       left=64.x.x.x
       leftsubnet=10.0.0.0/24
       leftrsasigkey=(LEFTKEY)
       leftnexthop=64.x.x.1
       rightid=151.x.x.x
       right=151.x.x.x
       rightrsasigkey=(RIGHTKEY)
       auto=start


The tunnels come up and I can ping across the VPN with no problem.  I 
can ping from a client machine to another client, etc.  But that's it.  
I can't do anything else.  Can't access shares, can't connect via remote 
desktop, can't connect to another remote admin program I've installed 
for testing, can't connect to a mail server that's on the other side of 
the VPN.  It seems the only thing I can do is ping.  I'm not getting any 
firewall hits if I watch /var/log/messages while trying to use any of 
the previously mentioned apps, so I'm sure it's not the firewall stopping it.  
I've tried running the app from subnet 1 and ran tcpdump on eth1 on 
gateway 2 and I see the packets going across that interface.  At this 
point I'm pretty stumped.

I will be happy to post any other info if it's needed.  Just looking to 
be pointed in the right direction.....

~P~
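Added example, not part of the original post or of Openswan: when small ICMP echoes cross an IPsec tunnel but TCP sessions (SMB, RDP, SMTP) stall, the first thing to check is the effective path MTU, because ESP encapsulation shrinks the usable packet size and a full-sized segment with DF set can be dropped silently if the "fragmentation needed" ICMP never reaches the sender. The script below bisects the largest DF-marked payload that gets a reply through the tunnel and derives the TCP MSS clamp to apply on the gateway. It assumes a Linux host with iputils ping (the `-M do` flag) and iptables with the TCPMSS target; the `TARGET` variable, the `probe_sim` function and the 1420-byte simulated path are constructed for the example.

```shell
#!/bin/sh
# Bisect the largest unfragmentable ICMP payload that crosses the tunnel,
# then derive the TCP MSS clamp for the gateway. Example code, not Openswan's.

# probe_real SIZE: one ICMP echo with DF set and SIZE bytes of payload to
# $TARGET (assumed: a host on the far subnet). Returns 0 on reply.
probe_real() {
    ping -c 1 -W 1 -M do -s "$1" \
        "${TARGET:?set TARGET to a host on the far subnet}" >/dev/null 2>&1
}

# probe_sim SIZE: constructed stand-in for probe_real modelling a path whose
# effective MTU is 1420 bytes (1500 minus ESP overhead): payload + 28 must fit.
probe_sim() {
    [ "$1" -le 1392 ]
}

# find_pmtu PROBE [LO] [HI]: binary search on payload size using PROBE and
# print the resulting path MTU (payload + 8 ICMP + 20 IPv4 header bytes).
# Invariant: LO is known to pass (0 = nothing known yet), HI is known to fail
# (1473 bytes of payload is already a 1501-byte packet on a 1500-byte link).
find_pmtu() {
    probe=$1
    lo=${2:-0}
    hi=${3:-1473}
    while [ $((hi - lo)) -gt 1 ]; do
        mid=$(( (lo + hi) / 2 ))
        if "$probe" "$mid"; then
            lo=$mid
        else
            hi=$mid
        fi
    done
    echo $((lo + 28))
}

# mss_for_mtu MTU: TCP MSS = MTU - 20 (IPv4 header) - 20 (TCP header).
mss_for_mtu() {
    echo $(( $1 - 40 ))
}

# clamp_rule MTU: print the iptables rule that rewrites the MSS option on
# forwarded SYNs so peers never send a segment larger than the tunnel carries.
clamp_rule() {
    echo "iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN" \
         "-j TCPMSS --set-mss $(mss_for_mtu "$1")"
}

# Stand-alone use: TARGET=10.0.1.5 sh pmtu.sh  (real probes)
#                  sh pmtu.sh                  (simulated 1420-byte path)
if [ -n "$TARGET" ]; then
    mtu=$(find_pmtu probe_real)
    echo "largest DF-passable MTU toward $TARGET: $mtu"
else
    mtu=$(find_pmtu probe_sim)
    echo "simulated path MTU: $mtu"
fi
clamp_rule "$mtu"
```

A quick manual version of the same check is `ping -M do -s 1400 <far-side host>` from a client: if a default-sized ping answers but this one does not, large packets are being dropped inside the tunnel. The clamp rule is a workaround that keeps TCP working; the underlying fix is to let ICMP "fragmentation needed" messages reach the endpoints or to lower the MTU on the inside interfaces.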


